Friday, December 2, 2016

Right about the time my Facebook fan page started blowing up, all the scammers came out of the woodwork. It's pretty much what you'd expect, from the "hey I wired you a bazillion dollars so make me admin and I'll give you the codez" to the "hey i luv ur page make me admin plz,"

This one was novel because it took me a couple glances to read the domain name. There's so new top level domains nowadays that you have to mentally parse the URL, which is good for all the phishing scams.

The message begins with an ominous warning that your page has violated someone's terms.

Wednesday, November 30, 2016

Just like last time, I was looking up a movie (yeah, I watch a lot of movies) on IMDB when it redirected me to the URL below. Same "Urgent Chrome Update" message, and this time I noticed that it still says "Miller's Crossing (1990)" on the tab.

The domain is new: aamaebuzzbookmarks.com and the domain registration is locked down this time, so it's hard to follow up on like the last one. Others on Reddit have mentioned this type of malware redirect from large sites. My guess is that IMDB is still serving up infected ads.

I did notice from the WHOIS record that it looks like the domain was created today. Talk about zero day malware!

Here's the URL:https://aamaebuzzbookmarks.com/607841460074/c7d6e2f0a084a52fc656d78426e3e109/fc6061dc70679f0f99a7afc751be0eed.html

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registeredwith many different competing registrars. Go to http://www.internic.netfor detailed information.

Sunday, November 27, 2016

This is the second time in less than a week where I was looking at a movie on IMDB and it suddenly redirected me to an obvious malware link. Every couple of months I get a popup from Frontier asking to complete a customer satisfaction survey. Big ISPs often use what would best be described as a Javascript injection attack for all sorts of reasons.

So, I looked on my machine for an infection--there was none--and wondered where it came from. But this time I was paying better attention. It redirected to the following URL when I was just sitting there looking at an Al Pacino movie. Exact same site, exact same screen.

My guess is that IMDB is serving up a shady ad from whatever ad network they use.

Doing some digging, it doesn't seem like anyone else is reporting this issue. There's no way for me to say definitively that this came from IMDB--there's lots of ways to attack a computer--but it sure looks like it!

Malware scans come back clean and I haven't had any issues or anything suspicious with this Windows 10 / Chrome install. Uh, yeah, don't think I'll be clicking on this.

Friday, July 29, 2016

Many laptops come with Bluetooth built-in, but it's super easy to add a cheap Bluetooth dongle to your USB port and use your computer to listen to music, or share files, which is the subject of this article.

This article assumes you are using Windows 10, but I believe it would work similarly on Windows 8 or Windows 8.1, though Windows 10 is the version that finally got Bluetooth right as far as I'm concerned.

Step 1 - Make sure you have a Bluetooth adapter and that it's running.

Whether it's a USB dongle like the the one below, or whether Bluetooth is built into your system, you should see a little Bluetooth icon on your system tray, located on the bottom right of the screen.

Clicking on the arrow on the system tray will show you the logo:

Click on the Bluetooth icon and choose "Show Bluetooth Devices" and you should see the Bluetooth settings screen similar to below. Notice I have my headphones already paired.

Step 2 - Allow Connections To Your PC

Windows 10 doesn't trust any Bluetooth devices out of the box, so first you'll need to click on "More Bluetooth options" and you will see this popup dialog box:

Step 3 - Get Your PC Ready To Share Files

Make sure the "Allow Bluetooth devices to find this PC" is checked and then press the OK button.

Next, choose the "Send or receive files via Bluetooth" option on the Bluetooth settings screen, and you will see a new popup:

For this example, I will be receiving files to my PC sent from my Android 6 (Marshmallow) phone, which is probably the most common usage.

At this point, Windows will wait for an incoming connection from my phone.

Step 4 - Share From Your Phone

Choose some files or photos to share on your phone, such as a photo of a cute little dog, like my Zoey.

Pressing the little share icon in the lower right hand corner, I get a list of a whole bunch of ways I can share this photo. For this example, you'll want to click the Bluetooth icon.

You should then see your PC on the list of devices to share with. In this example, only my PC shows up on the list, clicking on the device name will start the process of sending the files, but you still have to go back to your PC to receive them.

Step 5 - Receive on your PC

At this point you should see a box pop up on your PC showing you the files being downloaded, like so:

Once your files are received, you see the finish screen:

My photo of Zoey is now on my PC! Notice I could put the file(s) somewhere else, but I just clicked the Finish button and put the file in my Documents folder.

Thursday, February 25, 2016

In a letter to its employees, Disney recently asked its employees to help corrupt politicians through the millions of dollars it spends on lobbying. Apparently that's not enough, because they are asking their employees to take payroll deductions to help fund DisneyPac, the IP protectionist Super PAC long known for getting laws favoring Disney literally rubber stamped.

The letter, according to Ars Technica, brags about getting the TPP treaty passed, among other things. The TPP for people who haven't heard of it, is an awful trade agreement which was negotiated in complete secrecy, lest anyone find out how bad it was, and quietly ratified by its member countries before anyone realized what was going on.

A few years back when ICE (yes, the immigration service) launched a campaign to stamp out file sharing sites (which it failed at,) it kicked everything off from Disney headquarters just to show everyone how corrupt our political system is.

So, if you work for Disney, they'd sure appreciate if you'd feed their political machine, which for some reason reminds me of this episode of South Park, where Mickey Mouse beats up the Jonas Brothers!

Thursday, January 28, 2016

It's bad enough that Epicurious sends me email spam every day that I've been powerless to stop. But then, long after I tried to unsubscribe from their emails, they give my email to their sister company, Vanity Fair, which starts sending me unwanted emails. I managed to get Vanity Fair to stop emailing me, but now it looks like the Epicurious email spam is pushing for people to subscribe to Vanity Fair. Their spam is now incestuous.

Nice. For only a dollar per month, I can subscribe to a shitty magazine! But all the unwanted emails--those will be free!

I did notice that Epicurious now has two different email footers. Looks like Conde Nast is consolidating all their spam into one giant machine.

The emails I've been getting all along have this footer:

But ever since Vanity Fair started emailing me, I noticed that the footer changed on the other emails coming from Epicurious.

Thursday, January 21, 2016

GearBest was a decent seller for me, until they started with the shady behavior, which I'm the first to call them out for. So, I would avoid them if at all possible. I gave the full story on my outdoor blog, but this has sort of become a blog focused on consumer protection and similar issues relating to technology, and overseas online shopping seems to fall into that category.

Today I got an unsolicited email from Vanity Fair, who I have no relationship with, and I've never visited their site. But I noticed the email came from Conde Nast, which also owns Epicurious, which I have been fighting with for 3 over months, the whole time being mercilessly spammed by them. It's pretty easy to make the connection that Epicurious shared my email address with their sister company, so they can join in the spam fun. What's funny is that Epicurious gave them my email address after my fight began with them.

The tag line is ... ironic.

I notice that the return address emails are different between the two companies;

Vanity Fair: email@condenast.delivery.net
Epicurious: epicurious@email2.epicurious.com
So it looks like Vanity Fair uses a third party email service provider, where Epicurious is sending spam from their own domain. Third party ESPs are usually a little more strict about the behavior of their clients, so I think there's a fair chance that Vanity Fair will honor the unsubscribe request--we'll see. I just noticed that email from Vanity Fair seems to really be coming from Epicurious.

Wait, maybe not. Is this email from Vanity Fair, or is it from Epicurious? It seems a little suspicious. Thank you, Conde Nast for sending me spam from Vanity Fair on behalf of Epicurious!

I got an austere screen when I clicked on the button.

Wait, which company did I unsubscribe from? This was a Vanity Fair email. Also note that that 10 days is the maximum allowed under the CAN-SPAM act. And from building back-end corporate computer systems for the last 25 years, the time it takes for a large system to process something like this is measured in milliseconds--thousandths of a second. So, it's kind of a dick move to spam you the full 10 days after you tell them to stop. Some systems will do a big batch processing every night, so maybe one day could be believable. But the full 10 days, yeah, that's dickish.

Here are the email headers from the above email. I know Conde Nast must be feeling a little heat, because these articles are starting to get some traction, and I'm receiving email from readers angry about Epicurious. We'll see if Vanity Fair gets my ire.

Update 1/24/2016: looks like the unsubscribe took. Now if I could just unsubscribe from their sister company, that would be a real victory.

Thursday, January 7, 2016

It's pretty simple in theory. People obey the law because there are consequences for not doing so. The problem begins when those "people" are large, multi-national corporations. Couple that with an almost complete "regulatory capture" of the communication and tech industries, and well, the law doesn't always always apply to corporations.

For those following along, Epicurious seems indifferent to an unsubscribe request, emails to their company, complaints to both the FCC and FTC, and the few people in cyberspace making a stink about it. Their communication infrastructure seems fine, as they continue to email me every day, even twice a days over the holidays, so I wonder why they won't communicate with me other than via spam.

So, I'm coming up on 3 months of doing what I can to get these people to stop sending me emails. Not a day goes by that they don't send me an email, but when I email them, no response. Day after day from them, like we're friends. In fact, few of my good friends even email me twice a day.

I'm just going to keep telling my story and linking the proof that they are not obeying the law, and hopefully someday their actions will catch up with them. I still have yet to start contacting email providers to try to get their domains black listed.

Notice below that they are spamming me from two different recipients: "Epicurious" and "Epicurious Cook This Now"

Here's the email headers on one of those random emails so everyone can see this is the same email I unsubscribed from. Notice that it also provides an unsubscribe URL. As I've always said, I believe they will continue to spam me until they are faced with tangible consequences, and then they will say "oops it was a mistake, sorry" to weasel out of it. Mark my words!